On February 2, 2022, the UK privacy regulator (i.e., the Information Commissioner's Office or the ICO) issued new model clauses to support data transfers from the UK. Subject to approval by the UK Parliament, the new model...more
They State That Direct Collection of Personal Data by Non-EU Companies Is Not a "Data Transfer" Under the GDPR On November 18, 2021, the European Data Protection Board (EDPB) issued guidelines (Guidelines) that—for the first...more
New Set of SCCs for Data Transfers to Third Countries On June 4, 2021, the European Commission (EC) published its long awaited new set of Standard Contractual Clauses (New SCCs). This new data transfer mechanism allows for...more
On December 15, 2020, the European Commission (EC) unveiled a set of proposals to regulate digital platforms. The draft laws include antitrust-related requirements, addressed by the Digital Markets Act (DMA) and more general...more
On December 24, 2020, the European Commission (EC) and UK government announced the long-awaited EU-UK Trade and Cooperation Agreement (the Brexit Agreement), which sets out the future relations between the EU and the UK. If...more
On November 12, 2020, the European Commission (EC) issued a draft version of a new set of Standard Contractual Clauses (New SCCs). The long-awaited New SCCs include several modules that companies can use depending on the...more
On November 11, 2020, the European Data Protection Board (EDPB), comprised of the European data protection regulators (DPAs), issued two long-awaited sets of recommendations. These recommendations are critical for any...more
On July 16, 2020, the European Court of Justice (ECJ) declared the EU-U.S. Privacy Shield framework (Privacy Shield) invalid. The ECJ upheld the EU Standard Contractual Clauses (SCCs), but ruled that companies must verify...more
On April 21, 2020, the European Data Protection Board (EDPB) published two sets of guidelines addressing data processing in the context of the COVID-19 pandemic. These guidelines address the use of location data and contact...more
On April 14, 2020, the European Data Protection Board (the EDPB) published a letter in response to the European Commission's call for consultation (the letter) regarding its recommendation on the use of mobile applications...more
The COVID-19 virus outbreak poses serious challenges to businesses operating globally, including in Europe. In response to the outbreak, governments worldwide are taking increasingly severe measures to fight the pandemic, and...more
3/26/2020
/ Coronavirus/COVID-19 ,
Corporate Counsel ,
Data Privacy ,
Data Processors ,
Data Protection ,
Data Security ,
Data Subject Access Requests ,
EU ,
General Data Protection Regulation (GDPR) ,
Information Security ,
Personal Data ,
Privacy Laws
On December 10, 2019, the Danish Supervisory Authority (SA) published its final version of Standard Contractual Clauses (SCCs) that data controllers and processors may use to satisfy the General Data Protection Regulation...more
On December 19, 2019, in the Facebook Ireland and Schrems (Schrems 2.0) case, the Advocate General (AG) to the European Court of Justice (ECJ)—European Union's highest court—opined that the EU Standard Contractual Clauses...more
12/23/2019
/ Binding Corporate Rules ,
EU ,
EU Data Protection Laws ,
EU-US Privacy Shield ,
European Commission ,
European Court of Justice (ECJ) ,
European Supervisory Authorities (ESAs) ,
Facebook ,
International Data Transfers ,
Personal Data ,
Popular ,
Right to Be Forgotten ,
Schrems I & Schrems II ,
Standard Contractual Clauses ,
Surveillance ,
US-EU Safe Harbor Framework
On July 18, 2019, the French Data Protection Authority (CNIL) issued new guidance on the use of cookies and similar tracking technologies (collectively referred to as “cookies” below). The guidance clarifies the instances in...more
7/31/2019
/ CNIL ,
Cookies ,
Data Protection Authority ,
EU ,
France ,
General Data Protection Regulation (GDPR) ,
Guidance Update ,
Implied Consent ,
New Guidance ,
Popular ,
Prior Express Consent ,
Privacy Laws ,
UK ,
UK ICO ,
Website Owner Liability ,
Websites
On June 28, 2019, the French Data Protection Authority (CNIL) released its 2019-2020 action plan on ad targeting (action plan); among other things, the CNIL announced that it will issue new cookie guidance later this month...more
On July 9, 2019, the European Court of Justice (ECJ)—the highest court of the European Union—will hear oral arguments in the Schrems 2.0 case relating to the validity of two key data transfer mechanisms: the Standard...more
7/26/2019
/ Binding Corporate Rules ,
Consumer Privacy Rights ,
Cybersecurity ,
Data Protection ,
Data Protection Authority ,
EU Data Protection Laws ,
EU-US Privacy Shield ,
European Economic Area (EEA) ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Safe Harbors ,
Standard Contractual Clauses
On June 27, 2019, the EU Regulation on Information and Communication Technology (Cybersecurity Act or Act) became effective introducing, for the first time, EU-wide rules for the cybersecurity certification of products and...more